Encryption In Canada

Canadian police have been pushing for more surveillance powers for some time now. Specifically, police want to be able to force people to unlock their phones, or to force ISPs to give the government real-time access to subscriber information. Right now Canada has no such laws, but the police want the media to influence public opinion on these matters.

The police gave CBC’s David Seglins and the Toronto Star’s Robert Cribb security clearance to review details of 10 high-priority police investigations. These investigations show how the police encounter “roadblocks” when dealing with encryption. The problem? The police stage-managed the information-sharing investigations. Instead of getting direct access to the case files, the journalists got “detailed written case summaries.” The journalists could ask questions and had background information, but “many details were withheld.”

“On the one hand, the [RCMP] do have a serious problem…But to give information in this way to two respected media organizations does two things: it uses the media to create moral panic, and it makes the media look like police agents.”

When Motherboard asked if the CBC and Star had a say in which cases they reviewed, Seglins and Cribb wrote back. They said they did ask for details on a “handful of individual cases of interest” and police complied “in some cases.” The police did deny them access to one file because it was an ongoing investigation.

Weakening Encryption

Canada has a history of working to weaken encryption. The Canadian Association of Chiefs of Police (CACP), a lobbying organization, passed a resolution in August. This resolution mandates that the group push for a law that forces people to give up their computer passwords to police with a judge’s consent. Michael Von, policy director for the BC Civil Liberties Union (BCCLA), said:

“To say this is deeply problematic is to understate the matter. We have all kinds of laws that do not compel people to incriminate themselves or even speak.”

There are a couple of ways to go about weakening encryption: legislating access to decryption keys, and compromising global encryption standards. Canada has already introduced legislation that requires telecoms to decrypt communications, if the companies have kept decryption keys. This affects wireline and wireless carriers, as well as companies like Google, Facebook and Twitter.

A more drastic measure is to compromise overall encryption around the world. This is bad news for everyone. Canada’s foreign signals intelligence agency, the Communications Security Establishment (CSE), has actively done just this. It undermines crucial mechanisms that form the basis for encrypted communications.

And it’s not just Canada. Snowden documents revealed that in 2006 the NSA successfully weakened the encryption standard Dual_EC_DRBG. The National Institute for Science and Technology (NIST) then immediately approved it.

Real-Time Data

The CACP is just an advocacy group, and the resolutions it passes don’t have any real effect on the law. Additionally, this isn’t new territory for the group. It has a history of wanting powers that go beyond what the law allows. For example, the idea to have ISPs provide real-time access? That was courtesy of the CACP.

Right now, Canadian police need a warrant to access subscriber information from telecommunications companies. In 2014 Canada’s Supreme Court ruled that subscriber info like names and addresses carries with it a reasonable expectation of privacy. Accessing it without a warrant would be an unlawful search.

Requests for subscriber info take more than a month to arrive. So the CACP said it supports a new law “…to specifically provide law enforcement the ability to obtain, in real-time or near real-time, basic subscriber information.” This isn’t possible if you need a warrant.

The Future

Canada already has the ability to fully decrypt BlackBerry communications. Weakened encryption affects the good guys as much as the bad. Privacy lawyer David Fraser said:

“If ordinary Canadians don’t have access to technology to protect their privacy, bad guys would be able to very easily, online, get the same tools that they’re using today to encrypt their communications. Overall, we would be no safer, and in fact less safe.”

LiquidVPN has a guide on certain products to use to encrypt your communications and stay safe online. Now may be a good time to review them.